Search Our Database

How to install ConfigServer Security and Firewall (csf) in Linux

Last updated on |

Introduction

ConfigServer Security & Firewall (CSF) is a popular security tool for Linux servers, providing firewall capabilities, brute-force detection, and login monitoring. This guide outlines a general process for installing CSF on any Linux distribution, detailing each step from downloading the package to configuring CSF’s settings. This tutorial covers various package managers (apt, dnf, yum, and zypper) to accommodate different Linux distributions.

 

Prerequisites

  • A Linux server with root or sudo privileges.
  • Terminal or SSH access to the server.
  • Familiarity with text editors like vi, nano, or vim.

 

Step-by-Step Guide

Step 1: Log in to Your Linux Server

Access your server by logging in with a user account that has sudo privileges.

 

Step 2: Update System Packages

Ensure all installed packages on your system are up-to-date. Run the following command based on your Linux distribution’s package manager:

# Debian/Ubuntu-based systems
sudo apt update && sudo apt upgrade -y

# Red Hat/CentOS/AlmaLinux/Rocky Linux/Fedora
sudo dnf update -y
sudo yum update -y  # if using yum

# openSUSE/SUSE Linux Enterprise
sudo zypper refresh && sudo zypper update -y
Note: If your system does not have the package manager specified, refer to your distribution’s documentation for the equivalent command.

 

Step 3: Install Required Dependencies

CSF requires several Perl modules and utilities. Use the appropriate command for your distribution to install these dependencies:

# Debian/Ubuntu-based systems
sudo apt install libwww-perl libperl4-corelibs-perl liblwp-protocol-https-perl wget -y

# Red Hat/CentOS/AlmaLinux/Rocky Linux/Fedora
sudo dnf install perl-libwww-perl perl-Math-BigInt wget -y
sudo yum install perl-libwww-perl perl-Math-BigInt wget -y  # if using yum

# openSUSE/SUSE Linux Enterprise
sudo zypper install perl-libwww-perl perl-Math-BigInt wget -y

 

Step 4: Download the CSF Installation Files

Download the CSF archive to the /usr/src directory or any other suitable directory on your server:

cd /usr/src
wget https://download.configserver.com/csf.tgz

 

Step 5: Extract the CSF Files

Extract the downloaded CSF archive using tar. If tar is not installed on your system, install it with your package manager (apt, dnf, yum, or zypper).

tar xzf csf.tgz
cd csf

 

Step 6: Run the CSF Installation Script

Run the installation script provided with CSF and check compatibility with your server’s firewall modules:

sudo sh install.sh
sudo perl /usr/local/csf/bin/csftest.pl

The output should confirm that CSF can function on the server, showing lines like:

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
...
RESULT: csf should function on this server

 

Step 7: Configure CSF

To activate CSF, edit the configuration file and disable testing mode. Open the file using vi, vim, or nano:

sudo vi /etc/csf/csf.conf

In the configuration file, locate TESTING = “1” and change it to TESTING = “0”. This step is essential to enable CSF. You may also specify allowed incoming and outgoing ports.

Tip: Configure ports in TCP_IN and TCP_OUT settings to allow traffic through the firewall for essential services like SSH, HTTP, and HTTPS.

 

Step 8: Start and Enable CSF and LFD Services

Start CSF and its companion service, Login Failure Daemon (LFD), and set them to start on boot.

sudo systemctl restart csf && sudo systemctl restart lfd
sudo systemctl enable csf && sudo systemctl enable lfd
sudo systemctl status csf && sudo systemctl status lfd

 

Step 9: Verify the CSF Installation

To confirm the CSF installation, check its version:

csf -v

Step 10: Review the CSF Manual

CSF includes a comprehensive manual that can help users understand its capabilities and configuration options. Use the following command to access it:

man csf

 

Conclusion

CSF is now installed and running on your Linux server, ready to manage firewall rules and enhance server security. For additional options and commands, consult the CSF manual.

Should you have any inquiries about the guidelines, please feel free to open a ticket through your portal account or contact us at support@ipserverone.com. We’ll be happy to assist you further.